2

I have installed (one instance of API Manager in a server) and created an API for internal consumption only in my organization. Now there is a requirement to expose another new API for external users only.

Can I do this using this same installation? Or should I go for a distributed architecture?

I would like to have the same domain name for the proxy URL which I expose to consumers, with different context paths for different APIs. Can this be achieved?

Bee

1 Answer

0

You can set role-based visibility for APIs in the API Store when you create an API at the API Publisher. See this for details.

You can restrict API access with the help of OAuth Scopes. Scopes can be mapped to roles. So you can have role-based access control for your APIs. See this for details.

Bee
  • The current API Manager installation is within our intranet network. How can we handle both internal and external calls for different APIs available in the same installation? – Kishore Paila Jan 12 '17 at 19:55
  • What do you mean by handle? Are you looking for some kind of networking help? – Bee Jan 12 '17 at 20:08
  • No. I am trying to understand how WSO2 API Manager can be architecturally implemented for an organization where they have this kind of requirement. There will be services which are only internal and should not be exposed to the outside world (meaning an internal app calls them). And there will be some services which are exposed externally (meaning an external app calls them). I can only think this can be done with multiple installations of WSO2, one for external services and one for internal services? – Kishore Paila Jan 12 '17 at 22:00
  • You can do this with the scopes as I said in the answer. Say you have a scope `scope_internal` which is mapped to the role `internal`. Then you can assign this scope to all resources of your internal API. Then only users who have that particular role can access that API. In addition, you can block internal API's context from outside using a reverse proxy or a similar approach. – Bee Jan 13 '17 at 07:36
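
The reverse-proxy approach mentioned in the last comment, sketched as an added nginx configuration that is not part of the original answer: one public hostname, one context path per API, and the internal context blocked for callers outside the intranet. The hostname, context paths, address range, certificate paths and the gateway address (assumed to be the API Manager gateway's HTTPS listener on 8243) are all assumptions to replace with your own values.

```nginx
# Added example. Every name, path and address here is an assumption:
#   api.example.com     single public hostname for all APIs
#   /internal-orders/   context of the internal-only API (hypothetical)
#   /partner-orders/    context of the externally exposed API (hypothetical)
#   10.0.0.0/8          intranet address range (constructed)
#   127.0.0.1:8243      API Manager gateway HTTPS listener (adjust to your install)

upstream apim_gateway {
    server 127.0.0.1:8243;
}

server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate     /etc/nginx/tls/api.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/api.example.com.key;

    # Internal API: only intranet callers get through to the gateway.
    # nginx matches locations against the normalized URI, so a request
    # such as /partner-orders/../internal-orders/ also lands here.
    location /internal-orders/ {
        allow 10.0.0.0/8;
        deny  all;
        proxy_pass https://apim_gateway;
        proxy_set_header Host $host;
    }

    # External API: open at the network layer. The gateway still checks
    # the OAuth token and the scope-to-role mapping on every call.
    location /partner-orders/ {
        proxy_pass https://apim_gateway;
        proxy_set_header Host $host;
    }

    # Default deny: any context not listed above is never proxied, so a
    # newly published API is not reachable until a location is added.
    location / {
        return 404;
    }
}
```

`allow`/`deny` evaluate the address of the connecting peer, so if this proxy sits behind another load balancer the real client address has to be restored first (for example with nginx's realip module) or the intranet rule will match the load balancer instead of the caller. External clients also need a route to whichever endpoint issues their OAuth tokens.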